A fuzzy logic-based secure hierarchical routing scheme using firefly algorithm in Internet of Things for healthcare

The Internet of Things (IoT) is a universal network to supervise the physical world through sensors installed on different devices. The network can improve many areas, including healthcare because IoT technology has the potential to reduce pressure caused by aging and chronic diseases on healthcare systems. For this reason, researchers attempt to solve the challenges of this technology in healthcare. In this paper, a fuzzy logic-based secure hierarchical routing scheme using the firefly algorithm (FSRF) is presented for IoT-based healthcare systems. FSRF comprises three main frameworks: fuzzy trust framework, firefly algorithm-based clustering framework, and inter-cluster routing framework. A fuzzy logic-based trust framework is responsible for evaluating the trust of IoT devices on the network. This framework identifies and prevents routing attacks like black hole, flooding, wormhole, sinkhole, and selective forwarding. Moreover, FSRF supports a clustering framework based on the firefly algorithm. It presents a fitness function that evaluates the chance of IoT devices to be cluster head nodes. The design of this function is based on trust level, residual energy, hop count, communication radius, and centrality. Also, FSRF involves an on-demand routing framework to decide on reliable and energy-efficient paths that can send the data to the destination faster. Finally, FSRF is compared to the energy-efficient multi-level secure routing protocol (EEMSR) and the enhanced balanced energy-efficient network-integrated super heterogeneous (E-BEENISH) routing method based on network lifetime, energy stored in IoT devices, and packet delivery rate (PDR). These results prove that FSRF improves network longevity by 10.34% and 56.35% and the energy stored in the nodes by 10.79% and 28.51% compared to EEMSR and E-BEENISH, respectively. However, FSRF is weaker than EEMSR in terms of security. Furthermore, PDR in this method has dropped slightly (almost 1.4%) compared to that in EEMSR.

The Internet of Things (IoT) is a new platform for creating global communications between billions of devices around the world. IoT and wireless sensor networks (WSNs) are heavily connected to each other because sensors installed on physical objects sense and collect data from the environment, and then process and send it to the base station (BS) 1,2 . Therefore, sensors are important and vital elements in IoT. A WSN-based IoT network is made up of small sensors that measure the environment and collaborate with each other to gather information about the environmental status and send it to the BS or sink node 3,4 . IoT technology can be used in a variety of applications, including healthcare and elderly care. Smart healthcare is an important aspect of human life around the world, and it is expected that the technology will earn several billion dollars in the near future 5 www.nature.com/scientificreports/ function is suggested. This function helps improve network security in the clustering process because it includes the trust level of IoT nodes. Also, paying attention to the energy level and the number of hops between CHs and the base station in this objective function has improved energy efficiency in this method. • In FSRF, a routing method is offered to find reliable and energy-efficient routes between nodes to reduce the risk of forming fake and unsafe paths in the network because in this scheme, reliable nodes participate in the route discovery process and hostile nodes are not allowed to cooperate in this process. • In this paper, FSRF is compared with EEMSR and E-BEENISH with regard to network longevity, energy consumption, and packet delivery ratio. This comparison shows that FSRF well guarantees energy efficiency in the network because it increases the network longevity by 10.34% and 56.35% and the energy level stored in the nodes by 10.79% and 28.51% compared to EEMSR and E-BEENISH, respectively. However, FSRF is weaker in terms of security than EEMSR and it has less PDR (almost 1.4%) than EEMSR.
The structure of the paper is as follows: "Related works" section examines some research on cyber security attacks on IoT and their countermeasures. In "Base concepts" section, the main concepts used in the FSRF, namely the firefly algorithm (FA) and fuzzy logic are expressed. "System model" section includes the network model, the energy model, and the attack model. "The proposed method" section has stated various steps of FSRF. Simulation and evaluation results are presented in "Simulation and result evaluation" section. The conclusions obtained from this paper are described in "Conclusion" section.

Related works
In 25 , a security framework for routing is provided to prevent cyber security attacks in the Industrial Internet of things (IIoT). For designing this framework, the authors have benefited from different technologies like softwaredefined networking (SDN), network function virtualization (NFV), and blockchain. The designed framework is flexible, programmable, and secure. Moreover, a three-level SDN/NFV framework is employed in each domain to control and plan desired forwarding devices when calculating optimal routing policies. On the other hand, SDN controllers employ a blockchain framework to build a reliable environment. Next, a secure routing scheme based on this framework is introduced to support node authentication and behavior authentication in the network. The simulation process is done on the OMNET++ platform. The results show that the proposed system is better than other schemes with regard to scalability and stability when occurring attacks. In 26 , a reliable and efficient route selection solution called REERS is offered to get better energy efficiency and lower delay in IoT applications. Initially, REERS employs a clustered data aggregation model that regards energy levels for selecting cluster heads among IoT devices. Next, CHs collect the sensed data and delete duplicated information. Thereafter, various routes are found to the destination for transferring aggregated data packets. Finally, these packets will be directed with the lowest consumed energy, less hop count, and less lost data. The experimental results show that REERS optimizes delay, network longevity, as well as throughput, and PDR.
In 27 , the authors have introduced a blockchain-based lightweight authentication structure to check the validity of ordinary sensors. Note that IoT sensors have a short lifetime due to energy restrictions, thus they require a small validity value in blockchain to obtain a lightweight authentication structure. The network controller employs a genetic algorithm-based software to calculate paths. In addition, an on-demand routing technique is applied to optimize the energy used by nodes. The authors have suggested a path-checking framework to investigate the existence of malicious nodes. Furthermore, a novel structure is introduced to limit the activity of the hostile nodes. A list of hostile nodes is stored in the blockchain. This list is employed by the path-checking structure. The experimental results indicate the successful performance of this method with regard to consumed energy and the detection rate of hostile nodes.
In 28 , a routing technique based on the shuffled frog-leaping algorithm (SFLA) called RISA is provided for the Internet of Things. This technique employs SFLA to pick out a content-based path from source to destination. Content-based routing decreases the number of transmitted data packets and redundancy through data aggregation. This operation has a great impact on maintaining network resources. When a data packet moves from source to destination, the shortest and most optimized path must be selected to minimize energy consumption. RISA regards energy efficiency and consequently improves network longevity since it applies an appropriate data aggregation technique. Simulation results in MATLAB software show that RISA can optimize energy consumption, network longevity, throughput, and PDR.
In 29 , a Harris Hawks Optimization (HHO)-based reliable data dissemination technique called RDDI is suggested for IoT. This secure data dissemination framework offers a fuzzy hierarchical network model for WSNbased IoT networks. RDDI detects attacks and supervises information exchanged between nodes. It builds the data transfer process based on the energy and geographic location of nodes to improve the routing capability. Additionally, it employs a fuzzy clustering structure to pick out a trusted path. The authors evaluated RDDI with regard to five criteria, including reliability, end-to-end delay, consumed energy, computational overhead, and packet-sending distance in different multi-cluster scenarios. The experimental results emphasize the successful performance of RDDI in comparison with other approaches with regard to energy consumption, reliability, end-to-end delay, and computational overhead.
In 18 , a tree-based secure routing scheme supported by a dragonfly algorithm called CTSRD for IoT-based smart agriculture. It employs a decentralized and light trust structure called W-Trust. This structure regards a punishment coefficient to decrease the trust of hostile nodes. In contrast, it grows the trust of the valid nodes according to a growth coefficient. Furthermore, it makes a trusted clustering framework (T-Clustering). In this framework, CHs are selected from valid nodes. Eventually, CTSRD builds an inter-cluster routing tree inspired by the dragonfly algorithm named DA-Tree, which is safe, sustainable, and optimal and balances the energy used in the network and extend the longevity of the network. The experimental results emphasize that CTSRD is able www.nature.com/scientificreports/ to distribute consumed energy uniformly in comparison with other approaches and consequently gets better network longevity. However, PDR in this scheme is low. In 30 , a multi-level trusted energy-efficient routing scheme called EEMSR in IoT. The authors have used a clustering technique in this method since EEMSR is a effective solution in terms of energy consumption and scalability. In EEMSR, the analytic hierarchy process (AHP) is employed to forecast accurate weight coefficients in the normalization operation. Furthermore, an enhanced genetic algorithm (GA) is suggested to get the best performance and decide on intermediate nodes in multi-hop paths. This enhanced GA lowers the consumed energy in the network and counteracts the weaknesses of GA in the routing process. In addition, a multi-trust framework has been employed to defend against different attacks on the network. This framework computes the trust coefficient in the clustering and routing process. This coefficient is obtained from three trust values, including data perception, data fusion, and communication trust. EEMSR has also focused on both energy efficiency and security. The experimental results emphasize the successful performance of EEMSR compared to other schemes.
In 31 , an energy-efficient routing technique named E-BEENISH is presented for heterogeneous WSNs. It analyzes the energy used in inter-cluster and intra-cluster communications to balance energy consumption. E-BEENISH regards a weighted probability for each node when choosing CHs. This probability relies on remaining energy and the distance from the sink node to the desired node. E-BEENISH introduces a simple algorithm that considers the distance between the desired node and BS to overcome the threshold settings in BEENISH. The authors also studied the effect of the heterogeneity of sensor nodes in terms of energy used in the network. Simulation results show that E-BEENISH gets better network longevity in comparison to other clustering protocols.
In WSN-based IoT networks, sensor nodes include various constraints, especially energy, memory, and computing power. These constraints have faced challenges such as shortening the network lifetime and increasing the lost data packets. Therefore, the necessity of a hierarchical routing method in these networks is increasingly evident because clustering is a successful solution for designing energy-efficient routing methods. According to research works studied in this section and Table 1, it can be seen that in recent years, many hierarchical routing methods, for example, REERS 26 and E-BEENISH 31 have been provided in wireless sensor networks to manage energy consumption in these networks. However, these methods do not pay attention to the security issue and, if there are hostile nodes on the network, they will face weak performance. Note that sensor nodes can be deployed in a hostile environment and may be easily captured by attackers, which prevent the proper network performance by doing hostile operations. In this condition, it is important to create a secure connection between IoT nodes. Hence, many researchers focus on powerful security methods, such as Cao et al. 25 and Abbas et al. 27 . These methods are often not suitable for WSNs because they do not pay attention to the energy constraints of the nodes, which can reduce network longevity and lose their normal performance. This shows that the design of secure and energy-efficient routing protocols is a very important issue. Among the methods studied in this paper, some researchers, for example, RDDI 29 , CTSRD 18 , and EEMSR 30 have taken into account both energy efficiency and security. However, research on hierarchical and secure routing methods is still known as an important research www.nature.com/scientificreports/ gap, which requires further investigation and analysis. In this paper, a fuzzy secure hierarchical routing scheme based on the firefly algorithm (FSRF) is proposed for WSN-based IoT networks. In FSRF, a fuzzy theory-based trust structure is provided to evaluate the trust of IoT nodes and counteract cybersecurity attacks against IoT networks. Furthermore, this method includes a clustering method based on the Firefly algorithm that improves network security in the clustering process because it considers the trust levels of the nodes, and improves energy consumption in the network because it pays attention to the energy level and the number of hops to the base station. FSRF presents a routing method for finding reliable and energy-efficient routes between nodes in the network.

Base concepts
FSRF employs a nature-inspired optimization algorithm named the firefly algorithm (FA) and fuzzy logic (FL). Therefore, these two techniques are explained in this section.
Nature-inspired optimization algorithms. These algorithms are rooted in the social behaviors of biological species, for example, birds, fish, ants, and fireflies. In this system, the behaviors of agents that interact locally with their environment have led to the emergence of coherent global patterns. These algorithms have benefited from self-organization, parallel operations, distributed operations, flexibility, and stability 32,33 .
For this reason, their applications have gradually expanded to solve many IoT issues, including routing such as 18,28,29 , and 34 . They are used to solve many real-world engineering issues. For example, the firefly algorithm (FA) is a nature-inspired optimization algorithm presented by Yang in 2007 35 . This algorithm has benefited from flexibility in the population. This means that it is scalable. It can perform a relatively large search and corrects the responses in the search process. When getting the optimal solution, FA makes a balance between exploration and exploitation, and eventually reaches an optimal global behavior. These advantages have led to the use of this technique in the proposed method. This algorithm is inspired by the brightness of the fireflies.
In the FA algorithm, there are two important issues: light intensity changes and formulation of brightness and attractiveness. It is assumed that the attractiveness of fireflies is proportional to their brightness. Moreover, the brightness is determined by an objective function. In this algorithm, the less-light firefly will be attracted to the high-light firefly 35 .
Fuzzy logic. Fuzzy logic is a good scheme for mapping from the input space into an output space. It is a precise method based on approximate and inaccurate data. Fuzzy systems (FSs) are defined by fuzzy set theory 36,37 . A fuzzy set is a borderless set, which includes elements with partly membership degree (usually between 0 and 1). The fuzzy system may be less accurate than conventional systems, but more like our everyday experiences as human decisions. The fuzzy inference is the mapping process from a given input to an output using FL. Then, this mapping provides a basis for decision-making. The fuzzy inference comprises membership functions (MFs), fuzzy operators, and IF-THEN rules. Mamdani and Sugeno are two common fuzzy inference systems. A Mamdani system states that the output MFs are fuzzy sets. After aggregating the results, there is a fuzzy set for each output variable, which requires a defuzzifier. A Sugeno system also supports this behavior and is very similar to the Mamdani system. In fact, the first two parts of the fuzzy inference process, the fuzzifier process, and the use of fuzzy operators are similar. The main difference between Mamdani and Sugeno models is that output MFs in Sugeno can be fixed or linear. Whereas, output MFs in Mamdani are nonlinear 36,37 .
Usually, FS has four components: fuzzifier, fuzzy rules, inference engine, and defuzzifier. Fuzzification must categorize numerical scales into fuzzy sets. The knowledge base consists of IF-THEN rules that show linguistic reasoning. An inference engine executes the rules on the fuzzy inputs to get fuzzy results. The fuzzy controller needs the knowledge of an expert or operator experience to determine appropriate control rules and MFs. Fuzzifier can convert crisp data or fuzzy data into appropriate linguistic values through language variables and a variety of MFs, such as triangular, trapezoidal, and Gaussian. MF maps from each element of the input variables to a membership degree between 0 and 1. Triangular functions are usually used in FSs because of their simplicity. Finally, defuzzifier determines how to extract the crisp value from the fuzzy set. The well-known defuzzifier is the centroid, which shows more reliable results than others. The selection of a defuzzifier is very important and has a significant impact on the speed and accuracy of the fuzzy model 38 .

System model
This section describes different parts of the system model namely the network model, the energy model, and the attack model. Network model. In FSRF, the network is made up of heterogeneous IoT nodes ( n 1 , n 2 , ..., n i , ..., n T , so that T indicates the total number of nodes in the network) and a base station. The BS has different responsibilities, like data analysis and decision-making about data received from cluster heads. It is a motionless node, and all nodes know its position on the network. A special identifier is employed by each node (i.e. n i ). The distribution of the nodes in the network is done using a random manner. In FSRF, there is a connection between network nodes and the global positioning system (GPS). Hence, the nodes can obtain their spatial coordinates in the network. FSRF regards heterogeneous nodes, which have different energy levels, computational power, and storage capacity. In FSRF, the nodes are placed in clusters. Each cluster is made up of a cluster head (CH) and a number of cluster members (CMs). CMs have various responsibilities such as sensing the environment and transferring the data to the CH. They perform the intra-cluster data transfer operation using a single-hop manner. In addition, CHs have one important responsibility i.e. gathering data from its CMs and transferring the aggregated data to BS. www.nature.com/scientificreports/ They perform the inter-cluster data transfer operation using a multi-hop manner to transmit their data to the base station. See the network model in Fig. 2.
Energy model. The data transfer operation, which means sending and receiving data, is known as the most serious factor of energy consumption in the network. FSRF regards both free space and multi-path models to control how much energy is consumed in the recipient and sender. Note that the energy model used in this paper is similar to the energy radio model proposed by Heinzelman et al. 39 . In this case, the whole energy used in all nodes is equal to their consumption energy when sending and receiving data.
Here, E i tx and E i rx express the required energy of n i for transferring and getting data, respectively. When two nodes want to exchange their data with each other. In this case, one of them acts as a transmitter (also called n t ) and the other node plays the role of a receiver (also called n r ). Suppose l indicates the size of the exchanged data and d = (x r − x t ) 2 + y r − y t 2 is the distance from n t to n r where x r , y r and x t , y t are the spatial coordinates of n r to n t , respectively. In this case, Eq. (2) determines how much energy is used by n t .
So that E elec is the energy needed for the electrical equipment of n t or n r , ε fs represents the amplification factor in the free space, and ε mp indicates the amplification factor in the multi-path space. In Eq. (2), if the distance between n t and n r (i.e. d) is shorter than d 0 (i.e. the boundary value), the consumed energy is calculated based on the free-space model (the first line of Eq. (2)); otherwise, it is calculated based on the multipath model (the second line of Eq. (2)) 39 . d 0 is obtained from Eq. (3), which demonstrates a boundary condition for the data transfer scheme employed by n t and n r .
Finally, Eq. (4) determines how much energy is used by n r : www.nature.com/scientificreports/ Attack model. IoT employs wireless channels to communicate between the network nodes. Therefore, this network is exposed to serious security harm. The invading nodes can penetrate the network in different ways and launch various attacks on the network. This ruins the normal network performance and affects the secure data transfer operation due to the removal or manipulation of data packets and the energy discharge of the IoT nodes. Therefore, it is necessary that the nodes involved in the process are safe and reliable. FSRF focuses on blackhole, sinkhole, wormhole, selective forwarding, and flooding.
• Black hole or sinkhole attacks: In these attacks, when an invading node (black hole or sinkhole) gets a route request from other network nodes, it replies to this message to state that it has a suitable path to the destination, even though this claim is not right. When the requested node obtains this response, it may employ the insecure path, which includes a black hole or sinkhole, for transferring data. In this case, the invading node eliminates all data packets received from the source node. • Wormhole attack: In this attack, two invading nodes build a tunnel and state that they are neighbors (i.e. they are very close together) while this claim may be wrong. High-power nodes may carry out this attack. In this case, they have more resources than normal nodes. When the invading nodes build a forged path, they seek to attract network traffic and declare that the path is very efficient and suitable, and has smaller hops to the BS while it is not fact. After attracting the data traffic of normal nodes, the invading nodes can track their communications, copy and manipulate their data packets. • Selective forwarding attack: This attack, also called grey hole, is an advanced model of black hole attacks. In this attack, the invading node selectively deletes some packets but not all of them. It deletes only packets transmitted to a specific destination or eliminates a special type of packets. • Flooding attack: In this attack, the invading node continually transmits route requests to a specific node.
This work leads to the discharge of the target node, its storage space is full. This is because the invading node misuses the fact that some information about the route requests is stored in the memory of the target node. In this case, the target node cannot respond to the legal requests of other node and dies quickly because it loses high energy.

The proposed method
In this section, a fuzzy secure hierarchical routing scheme based on the firefly algorithm (FSRF) is explained for WSN-based IoT networks. FSRF comprises three main frameworks: fuzzy trust framework, firefly algorithmbased clustering framework, and inter-cluster routing framework.
Fuzzy trust framework. In FSRF, the fuzzy trust framework is tasked to analyze the reputation of nodes according to their interactive behavior when transferring and receiving data packets. Determining the trust value of the network nodes will be done using a fuzzy trust framework. Algorithm 1 offers a pseudo-code of the fuzzy trust framework. The Mamdani fuzzy system is used to design this framework. It comprises two inputs (i.e. direct trust and indirect trust), an output (i.e. total trust of network nodes), and the rule base. Each IoT node executes this fuzzy framework to characterize the trust value of its neighboring nodes. Additionally, the trust value of the nodes changes dynamically, and their energy decreases, and some of them die. Therefore, IoT nodes must renew the trust values related to their neighboring nodes at certain time intervals.
Fuzzy inputs. The proposed fuzzy framework comprises two inputs called direct trust and indirect trust.
indicates the urgent trust generated by n i for n j . It is acquired through the direct connection of n i and n j . In FSRF, the direct trust regards the packet delivery ratio (PDR), packet transfer frequency (PTF), packet reception frequency (PRF), and the consumed energy ratio (ECR).
• PDR j means a packet reception rate corresponding to n j . It expresses the ratio of packets received by n j to all data packets sent to this node. Note that a high PDR confirms the successful performance of n j and shows its reliability. However, if n j does not experiences a suitable PDR, it means that n j has high missing data. In this case, n j may be an invader. This increases the probability of attacks such as black holes, sink hole, and grey hole. Hence, the trust value corresponding to n j decreases. PDR j is calculated through Eq. (5).
Here, M received j (t) and M total j represent the number of packets received and sent to n j , respectively. • PTF j determines how many packets are transferred by n j at the time interval [t, t + t] . Note that a high PTF means that n j may be an invader because there is a high likelihood of flooding or wormhole attacks. In this case, the trust value of n j is reduced. PTF j is calculated by Eq. (6). • PRF j determines how many packets are received by n j at the time period [t, t + t] . Note that a high PRF j confirms that n j is safe and reliable. However, if n j gets low PRF j , n j may be an invader because the probability of attacks such as black hole, sinkhole or gray hole is high. PRF j can be achieved through Eq. (7).
So that M Received j counts the packets received in the interval [t, t + t]. • ECR j determines how much energy is consumed by n j in the time period [t, t + t] . Note that a high ECR j states that n j may be an invader because the probability of a flooding attack is high. ECR j is determined through Eq. (8).
So, E j (t) and E j (t + �t) are the residual energy of n j in two times t and t + t , respectively. According to the stated parameters, T direct ij is calculated based on Eq.  Fig. 3. T direct ij contains three modes, low, medium, and high.
• Indirect trust of n i related to n j ( T indirect ij ): T indirect ij characterizes the trust amount obtained from the recommended nodes, which are the common and reliable neighbors between n i and n j . The recommended nodes should be picked out from reliable nodes whose trust amount is more than T threshold . We assume that there is a set called R, which includes p recommended nodes between n i and n j so that Recommender , n 2 Recommender , ..., n p Recommender . In this case, T indirect ij is obtained using Eq. (11).
where T direct ix and T direct xj express the direct trust of n i to n x and the direct trust of n x to n j , respectively. Also, n x indicates a recommended node. The MF of T indirect ij is displayed in Fig. 4. T indirect ij contains three modes, including low, medium, and high. www.nature.com/scientificreports/ Fuzzy output. The output of this fuzzy trust framework illustrates the total trust ( T total ij ), which includes five modes (very low, low, medium, high, and, very high). See the MF of T total ij in Fig. 5.
Rule base. The proposed trust framework defines the rules presented in Table 2. For example, Rule 1 is stated below.   www.nature.com/scientificreports/  Figure 5; End Firefly algorithm-based clustering framework. Here, the firefly algorithm-based clustering framework is stated in FSRF. This framework will be executed by the base station. Algorithm 2 describes the clustering framework in FSRF. This framework comprises two steps: • Clustering • Cluster maintenance Clustering. Each IoT node, like n i , transfers a guide message to BS. The message is named a beacon, which contains the trust amount, location, remaining energy, hops to BS, centrality degree, and communication radius. Next, BS assesses the trust of n i to differentiate the trusted nodes from untrusted nodes. Note that the trusted nodes have high trust (more than T threshold ). In FSRF, only trusted nodes can be cluster heads. Then, the BS starts the FA-based CH selection algorithm. In this algorithm, each firefly plays the role of an IoT node ( n i ), and the value of this firefly states the chance of n i to behave as CH between neighboring nodes. In the first step, the value of each firefly is a random number. Here, each n i expresses a firefly, which may be a CH. It presents a response to the CH selection problem. The primary attractiveness of the fireflies is displayed as β 0 determined by the RAND function. In this CH selection framework, BS has an important responsibility, which must employ the FA algorithm to decide on the best CHs in the network. Thereafter, the base station will assess the fitness amount of each response (firefly) based on an objective function. This function is formulated in accordance with five parameters, namely the trust amount, remaining energy, hops to BS, communication radius, and the average distance to the neighboring nodes.
• Trust amount (T total ): The purpose of this parameter in the objective function is to select secure nodes as a CH because cluster heads have important tasks including the submission of data packets received from CMs, participation in the routing process between CHs, and the transmission of data packets of other CHs to the base station. Therefore, if an insecure node is selected as a CH, it can damage the normal performance of the network. The BS extracts T total from the guide message received from n i . "Fuzzy trust framework" section explains how to calculate T total in detail. If n i utilizes a higher trust amount, it has a greater chance to act as a CH because it is safer and can send the data to the network reliably. T total will be normalized by Eq. (12).
So that T thershold and T max are the minimum acceptable trust determined for CHs and the maximum trust amount in the network, respectively. • Remaining energy ( E r ): The purpose of this parameter in the objective function is that energy consumption in the network is evenly distributed between the IoT nodes to increase network longevity. In this regard, highenergy nodes have a responsibility to play the role of cluster heads because CHs have more responsibilities than normal nodes and consume more energy. If low-energy nodes play the role of CH, their energy will be ended quickly. In this case, finding the new CH is also accompanied by a lot of cost, time, and communication overhead. The BS extracts E r from the guide message obtained from n i . Energy is very important when deciding on CHs because IoT nodes suffer from energy restrictions on the network. Additionally, network nodes have different amounts of energy. Consequently, if n i has more energy than other nodes on the network, n i gets a higher chance to act as CH. E r is normalized according to Eq. (13). www.nature.com/scientificreports/ As, E r , E min , and E max are the remaining energy of n i , the lowest energy level, and the maximum energy level of the network nodes, respectively.

• Hops to BS (H c ): H c is very important in the decision-making process for CHs because if CHs have fewer hops
to the BS, the data packets reach the BS faster and experience less delay. H c is normalized using Eq. (14).
So that H c indicates the hop count from n i to the BS, H min represents the minimum hops to the BS, where H min = 1 , and H max expresses the maximum hops to the BS, which is dependent on the number of nodes (i.e. N) so that H max = N − 1. • Communication radius ( R com ): IoT nodes are heterogeneous and R com is different. In FSRF, this subject is intended in the CH selection framework, so that n i with a large R com gets a greater chance to act as CH because n i covers a wider range. R com is normalized based on Eq. (15).
So that R com , R min , and R max are the communication radius of n i , the least radius, and the highest radius, respectively. • Average distance to neighboring nodes ( D avg ): D avg shows the centrality of n i in the cluster. When n i is close to the cluster center, D avg is low. In this case, if a node close to the cluster center is selected as a CH, this increases energy efficiency in the network because the average distance between this CH and its CMs is reduced and the CH needs less energy to receive the data packets from CMs. This parameter will be calculated using Eq. (16).
Where T i indicates the number of neighbors of n i . Furthermore, d(n i , u) is the distance from n i to its neighbor (u). d(n i , u) is obtained through Eq. (17).
Where, x i , y i and x u , y u are the positions of n i and u, respectively. Finally, D avg is normalized using Eq. (18).
Where, D min and D max are the shortest and longest distances of neighboring nodes on the network, respectively. As a result, the objective function is calculated in accordance with Eq. (19).
So that 1 , 2 , 3 , α 1 , and α 2 represent the weight coefficients where, , and D norm avg are normalized in [0, 1] to have the same effect on the objective function. After determining the chance of each firefly (IoT node), the position of these fireflies is renewed using the firefly algorithm. In the FA-based CH selection framework, the algorithm is repeated 300 times (stop condition). Upon the FA-based clustering framework has ended, the BS picks out the best firefly with the highest fitness amount as a CH. Then, BS informs IoT nodes of their roles. Next, CHs prepare a notification message to inform their neighboring nodes of their roles on the network. This notification message includes the coordinates of CHs. When neighboring nodes get these notification messages, CHs must recognize their members. In the first mode, when an ordinary node gets one or more notification messages from different CHs, it sends a membership request to the nearest CH. In the second mode, when an ordinary node with a trust amount more than T threshold does not get any notification message from CHs, it acts as a CH and broadcasts a notification message to recognize. Now, there are two types of nodes in the network: CHs and CMs. The cluster member nodes are only associated with their CH and transfer their data to it. However, the CHs communicate directly with CMs and their neighboring CH.
Cluster maintenance. The purpose of the cluster maintenance process is to adjust the role of each node through the periodic exchange of guide messages so that the connections can be stable on the network. All IoT nodes participate in the cluster maintenance process. This process includes the following steps: • Connect to the cluster: When a new IoT node is connected to the network, it broadcasts a membership request.
A CH node that receives this request faster than other CHs, responds to it and accepts the membership of this new node in its cluster. www.nature.com/scientificreports/ • Leave the cluster: Each CM examines its connection with its CH through the periodic exchange of guide messages. If this link is invalid, CM has been removed from membership in the cluster, and again, the CM broadcasts a membership request on the network to connect to the nearest CH. • Cluster membership checking: Each CH examines its communication with its CMs through the periodic exchange of guide messages with its CMs. If the communication links are invalid, the CH should cancel the membership of the desired CM in its cluster. • Re-clustering: The status of IoT nodes changes depending on their energy levels or their trust over time. As a result, it is necessary for the BS to constantly monitor their status by periodic guide messages received from IoT nodes. If CHs lose their energy or trust amount, it transfers a cluster update message to its CMs and reruns the FA-based selection framework in "Firefly algorithm-based clustering framework" section. In this case, the IoT nodes are waiting for the FA-based clustering operation to be implemented by the base station to choose a new CH. www.nature.com/scientificreports/ Inter-cluster routing framework. In FSRF, the inter-cluster routing framework consists of two main steps: discovering paths between CHs and maintaining these paths. Algorithm 3 presents the pseudo-code related to the inter-cluster routing framework.
Discovering paths between CHs. FSRF executes an on-demand technique for discovering paths. When a cluster head, like CH S , is looking for a path to the BS. In the first stage, its routing table is searched, and CH S examines whether it can find a connected path to the BS. If yes, CH S connects to the BS through this path to transmit data packets. Otherwise, CH S begins a path search operation to find a safe and energy-efficient path. In this operation, CH S creates a route request (RREQ) and spreads it to its one-hop neighbors. View Fig. 6. See the format of RREQ in Fig. 7. The fields of this message are explained below: • Message type (MT): If MT = 1 , this control message indicates a RREQ • H c : It counts hops in the relevant path. CH S adjusts the initial amount of H c to zero and then, each intermediate node adds one unit to H c . In RREQ, H c helps prevent the formation of routing loops in the created paths. • RREQ ID: Each RREQ is marked with a special ID. This ID and the CH S address are used for checking RREQs and finding repeated RREQs. • E R : It determines how much energy is consumed to send data from CH S to the desired node through the relevant path. In general, E R is computed using Eq. (20).  where E tx and E rx , which are respectively obtained from Eqs. (2) and (4), are the required energy for transferring and getting RREQs. • D R: This field stores the total delay taken from CH S to the desired node (i.e. base station). The initial amount of D R is zero. In the next hops, the amount of D R is dependent on D Propagation , D Queuing , D Computing , and D Transmission . In this regard, the value of D R is refreshed using Eq. (22).
So, Source and Destination are the source and destination nodes, respectively. Note that D Propagation is the time taken for transferring data through the wireless link between two intermediate nodes. There is a direct relationship between D Propagation and the distance between the two nodes. D Propagation is derived from Eq. (23).
So that v media is the light speed (i.e. 3 × 10 8 ) and Dist CH i , CH j , which is calculated using Eq. (24), indicates the distance from CH i to CH j . www.nature.com/scientificreports/ So that x i , y i and x u , y u express the positions of CH i and CH j , respectively. In addition, D Queuing states a time interval when RREQs have to wait in the buffer queue to send. D Computing represents the time required to process RREQ in the relevant node. In addition, D Transmission indicates the time taken for transferring RREQ to the next CH. It is obtained according to Eq. (25).
So that br and msg size demonstrate the transfer rate and the size of RREQ, respectively. • T R: It determines whether a path is reliable. Initially, CH S adjusts the amount of T R to its trust amount. Then, T R will be updated in accordance with Eq. (26) in each hop. The amount of T R is considered the lowest trust amount of CHs in a routing path. T R helps CH S to prevent the selection of insecure paths.
where CH i and CH j show the pervious-hop and next-hop intermediate CHs in the present path (i.e. Route k ), respectively. Also, T total ij is the trust amount of CH i to CH j explained in "Fuzzy trust framework" section. After an intermediate CH gets RREQ, it first examines its ID and ensures that the RREQ is not old. Next, the intermediate node compares its remaining energy ( E r ) and its trust amount ( T total ) with E threshold and T threshold , respectively. If E r > E threshold and T total > T threshold , the CH is allowed to rebroadcast the RREQ. Otherwise, this CH should delete the RREQ. This strategy will improve the performance of the routing method in terms of Figure 9. Paths found between CH S and the BS. www.nature.com/scientificreports/ energy efficiency and security. Once the RREQ reaches the base station, the RREQ broadcast process ends. See this process in Fig. 8. Now, the base station must choose one path from the formed paths between CH S and itself. For example, see ROUTE1 and ROUTE2 in Fig. 9. In the route selection operation, the base station utilizes the information recorded in RREQs to calculate the score of each path based on Eq. (27).

Simulation tool NS2
The dimensions of network 100 × 100 m 2 BS position (50, 100) Total number of nodes 100 The number of nodes with 2 J energy 50 The number of nodes with 4 J energy 35 The number of nodes with 5 J energy 12 The number of nodes with 6 J energy 3 www.nature.com/scientificreports/ So that T R , E R , D R , and H c are the path trust (Eq. 27), the energy consumed in the path (Eq. 21), the delay taken in the path (Eq. 22), and hops counted in the path, respectively. Then, the BS chooses the high-score path to transfer the data between CH S and itself. Finally, the base station builds a route reply (RREP) message and transmits it for CH S through the determined path. After receiving RREP, CH S records the path in its table and uses it to transfer data to BS. See this process in Fig. 10.
Maintaining the formed paths. The path maintenance process is carried out to determine whether the formed path is cut (i.e. the route discovery process must be started again) or the formed path is connected. CHs regularly examine the connection status of the paths available in their routing table. For this reason, CH S carries out the periodic transmission of a route validation message through the existing path. If the BS gets the message, it will confirm the connection of the path and transfers an acknowledgment (ACK) to CH S . Otherwise, if CH S does not receive any confirmation message from the BS for a certain period of time, CH S is aware of the disconnection of the existing path and will begin the path search operation again in accordance with "Inter-cluster routing framework" section. www.nature.com/scientificreports/

Simulation and result evaluation
To accurately analyze the performance of FSRF, it must be carefully simulated and evaluated in different scenarios. For reaching this goal, the simulation operation is run in Network Simulator 2 (NS2) in accordance with the parameters listed in Table 3. According to the information recorded in this table, it can be found that    www.nature.com/scientificreports/ the dimensions of the simulation environment are 100 × 100 m 2 . In this process, 100 IoT nodes are randomly deployed in the simulation environment. These IoT nodes are immobile. They have heterogeneous energy sources, so there are 50 nodes with 2J energy, 35 nodes with 4 J energy, 12 nodes with 5 J energy, and 3 nodes with 6 J energy in the network. The transfer radius of these nodes is 20 meters. In FSRF, it is assumed that 10% of the nodes are hostile that are randomly selected from the network nodes with different energy levels. Each round includes 100 data transfer operations and each packet is 500 bytes. In this section, five test criteria are considered: • Criterion 1) Trust status: This criterion evaluates the trust amount of the network nodes, whether hostile or normal, after various rounds and the exchange of information between the network nodes. • Criterion 2) Network longevity: This criterion is used to analyze the lifetime of the network by counting the number of dead nodes in the network after various rounds. • Criterion 3) Energy level evaluation: This criterion is used to measure the energy stored in the nodes after various rounds. • Criterion 4) Energy balance: This criterion is used to evaluate whether the consumed energy is distributed between the network nodes evenly. To achieve this goal, the standard deviation of the energy consumed in nodes ( SD Energy ) is calculated. If SD Energy is close to zero, it confirms the balanced consumed energy between network nodes. However, if SD Energy is close to one, it shows an imbalance energy consumption in the network. • Criterion 5) Packet delivery rate: This criterion is for measuring the total number of data packets received at the destination compared to all packets sent from CH S .
We compare FSRF to EEMSR and E-BEENISH. The selection of these two methods has several reasons: • FSRF, EEMSR, and E-BEENISH are hierarchical and use clustering techniques to enhance energy efficiency in the network.  www.nature.com/scientificreports/ • EEMSR and FSRF have used metaheuristic algorithms to rise the performance of the IoT network so that EEMSR employs a genetic algorithm to correct the routing framework and FSRF employs the firefly algorithm to enhance the clustering process. • EEMSR and FSRF have provided powerful trust mechanisms to protect the network nodes. However, E-BEENISH has not considered any security mechanism.
Trust amount. The first criterion for examining the performance of FSRF is to evaluate the trust amount of the network nodes. The results of this evaluation are displayed in Fig. 11. Note that there are two hypotheses in the performance measurement process: (1) The invading nodes are present in the network (i.e. 10% of the total network nodes) and (2) the initial trust of the nodes is adjusted to 0.5. Figure 11 shows when launching the network, it is difficult to distinguish the hostile nodes from the honest nodes because the exchange of information between the nodes is low and their trust is not well known. After increasing the exchange between the nodes, the fuzzy trust system designed in FSRF can help the nodes to be accurately aware of the trust status of themselves and their neighboring nodes. This increases the trust of the honest nodes to one and reduces the trust of hostile nodes to zero. In this case, FSRF can well separate hostile nodes from honest nodes.
Network longevity. The second criterion for examining the performance of FSRF is network longevity, which is obtained by counting the number of dead nodes at each round. In Fig. 12, FSRF has achieved the best network longevity compared to EEMSR (approximately 10.34%) and E-BEENISH (approximately 56.35%).
Note that the performance of EEMSR and FSRF is very close to each other in terms of network longevity. If network longevity is defined based on the first node die (FND), EEMSR is superior to FSRF. However, if network longevity is defined based on half of the nodes die (HND) or the last node die (LND), the performance of FSRF   www.nature.com/scientificreports/ is better than that of EEMSR and E-BEENISH. Now, this experiment is repeated by changing the location of the BS to analyze its effect on the routing schemes. In Fig. 13, the BS position is in the corner of the network, i.e. (0, 0) . In this case, counting the number of dead nodes at each round indicates the improvement of this criterion by FSRF in comparison with EEMSR (16.93%) and E-BEENISH (74.79%). In Fig. 14, the BS is placed at the center of the network, i.e. (50, 50) . In this figure, FSRF has succeeded in improving this criterion compared to EEMSR (14.50%) and E-BEENISH (66.65%). In these two experiments (Figs. 13 and 14), FSRF is superior to EEMSR in terms of FND. Additionally, the two experiments prove that changing the position of BS in FSRF and EEMSR cannot have a great impact on their performance. As a result, they are adaptable. However, this change in position has affected the performance of E-BEENISH. The better performance of FSRF in terms of network longevity is rooted in the attention to energy and security at the same time because FSRF only allows the trusted nodes with high energy to broadcast RREQ. Furthermore, FSRF has taken into account the amount of energy consumed in the discovered routes in the route selection process, but EEMSR does not pay attention to this parameter in the routing process. In addition, in the clustering process, the high-energy nodes are selected as CHs. E-BEENISH has not paid attention to the security of the network, so invaders can reduce network longevity by impacting the network performance. In E-BEENISH, each CH must send data packets to the BS in a one-hop way, which requires a lot of energy. However, EEMSR and FSRF have used intermediate nodes to send data to the base station. This improves energy balance in the network and thus extends network longevity.
Energy. The third criterion for examining the performance of FSRF is to evaluate the amount of energy stored in the network nodes. See Fig. 15. FSRF improves the energy stored in the nodes by 10.79% and 28.51%, compared to EEMSR and E-BEENISH, respectively. Given this figure, it can be said that FSRF and EEMSR have a good performance in terms of energy stored in the nodes. However, the E-BEENISH has a weaker performance in this criterion because E-BEENISH does not pay attention to the energy of the nodes in the CH selection process, as well as the direct transmission of data from each CH to BS has reduced the energy stored in the nodes. Lack of attention to network security can also reduce the energy stored in nodes due to the selection of untrusted CHs, the need to re-transfer data, and high packet loss. However, EEMSR and FSRF do not have these problems and consequently, show a better performance. The fourth criterion for examining the performance of FSRF is to evaluate whether the energy is distributed between network nodes in a balanced manner. This criterion is determined by the standard deviation of the energy consumed in the nodes ( SD Energy ). The results of this experiment are presented in Fig. 16. If SD Energy is near zero, it confirms that the energy is consumed in a balanced manner. In contrast, if SD Energy is close to one, it confirms that the energy is consumed in an imbalance manner. As Shown in Fig. 16, FSRF has the least SD Energy , meaning that it can well balance the energy consumption between the network nodes. It reduced SD Energy by 21.48% and about 71.46% compared to EEMSR and E-BEENISH, respectively.
Packet delivery rate. The last criterion for the evaluation of FSRF is to investigate the packet delivery rate on the network. The results of this evaluation are shown in Figs. 17 and 18. Figure 17 presents the results of PDR according to the change in the percentage of hostile nodes in the network. FSRF has about less PDR (about 1.4%) than EEMSR because the trust mechanism designed in EEMSR is more powerful than that in FSRF. Furthermore, FSRF improves PDR (approximately 6.94%) compared to E-BEENISH because E-BEENISH has not paid attention to network security. As a result, PDR in E-BEENISH drops rapidly by increasing the percentage of hostile nodes on the network. In Fig. 18, the number of data packets delivered to the destination (i.e. BS) has been examined. According to this figure, FSRF has a lower PDR (approximately 6.01%) than EEMSR. However, PDR in FSRF has improved by approximately 11.16% compared to E-BEENISH. These results prove that EEMSR is more powerful than FSRF in terms of security. Whereas, FSRF works better than EEMSR in terms of energy efficiency, which is stated in Figs. 15 and 16.

Conclusion
In this paper, a fuzzy secure hierarchical routing scheme based on the firefly algorithm (FSRF) was proposed for WSN-based IoT networks. This scheme seeks to achieve network security and energy efficiency. In FSRF, a fuzzy logic-based trust framework was presented to get the trust of nodes to detect and prevent various attacks such as black hole, flooding, wormhole, sinkhole, and Grey hole. Moreover, in FSRF, a FA-based clustering framework was designed to improve the energy consumption of nodes and network longevity. It comprises an objective function that considers trust amount, remaining energy, hops to BS, communication radius, and centrality. Finally, FSRF designs an inter-cluster routing framework to find reliable and energy-efficient paths on the network. Comparison of FSRF with EEMSR and E-BEENISH proved that the proposed method guarantees energy efficiency in the network because it improved network longevity by 10.34% and 56.35% and the energy stored in the nodes by 10.79% and 28.51% compared to EEMSR and E-BEENISH, respectively. However, FSRF is weaker than EEMSR in terms of security and has less PDR (almost 1.4%) than EEMSR. In future research directions, FSRF is evaluated under more scenarios to show its benefits and disadvantages. Moreover, we can test the robustness and efficiency of FSRF against various attacks. Furthermore, we will utilize new strategies like Q-learning and artificial neural networks (ANNs) to design robust trust frameworks to better separate abnormal nodes from normal nodes. For future work, this scheme can be improved for IoT networks with mobile nodes.

Data availability
All data generated or analyzed during this study are included in this published article.